Setting up Graylog in Azure

To get started with installing Graylog, do the following:

Create a VM using the following:

SSH into the server and follow this guide to get Graylog installed.

To set up public access, set the following variables in the Graylog config file:

Once fully installed, set up an Apache reverse proxy:

Edit /etc/apache2/sites-enabled/000-default.conf:

Then restart both servers:

To verify the installation, browse to <IP_ADDRESS>. If you see the Graylog login screen, you’ve successfully set up the server.

Finish by restricting the SSH network security rule to a trusted source IP.

Set up HTTPS using Let’s Encrypt

To set up HTTPS using Let’s Encrypt, use the Certbot directions.

Once that’s done, make sure to change http_external_uri in the Graylog config file and restart Graylog.

Send Kubernetes Logs to Graylog

First, SSH into the server and configure Elasticsearch (/etc/elasticsearch/elasticsearch.yml) to bind to the private IP of the VM:

Restart Elasticsearch, then configure Graylog to listen to the new Elasticsearch host:

Restart Graylog, then open the firewall so that port 9200 is reachable from the cluster IP. Confirm access by connecting to port 9200 from the cluster.

Next, set up an input in Graylog.

After that, create the RBAC role for the cluster (fluentd-rbac.yml):

Then create the daemonset, changing the container environment variables as needed (fluentd-daemonset.yml):

Deploy both of these:

Then check the logs of the daemonset to confirm correct connection:

Sending Azure App Service Logs to Graylog

To get started, create the following:

For the App Service, enable “Diagnostic logs” and send them to the Event Hub.

TO BE CONTINUED

Increase Heap Size

To increase the heap size, edit /etc/default/graylog-server, then restart graylog-server.service.

References

https://mherman.org/blog/logging-in-kubernetes-with-elasticsearch-Kibana-fluentd/#fluentd